Tianocore Edk2 vulnerabilities

CVE-2025-2296 [HIGH] CWE-20 CVE-2025-2296: EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by lo EDK2 contains a vulnerability in BIOS where an attacker may cause “ Improper Input Validation” by local access. Successful exploitation of this vulnerability could alter control flow in unexpected ways, potentially allowing arbitrary command execution and impacting Confidentiality, Integrity, and Availability.

CVE-2024-38798 [MEDIUM] CWE-200 CVE-2024-38798: EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information EDK2 contains a vulnerability in BIOS where an attacker may cause “Exposure of Sensitive Information to an Unauthorized Actor” by local access. Successful exploitation of this vulnerability will lead to possible information disclosure or escalation of privilege and impact Confidentiality.

CVE-2025-2486 [LOW] CVE-2025-2486: The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure The Ubuntu edk2 UEFI firmware packages accidentally allowed the UEFI Shell to be accessed in Secure Boot environments, possibly allowing bypass of Secure Boot constraints. Versions 2024.05-2ubuntu0.3 and 2024.02-2ubuntu0.3 disable the Shell. Some previous versions inserted a secure-boot-based decision to continue running inside the Shell itself, which is believed

CVE-2024-38805 [MEDIUM] CWE-190 CVE-2024-38805: EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by ne EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.

CVE-2025-3770 [HIGH] CWE-693 CVE-2025-3770: EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by EDK2 contains a vulnerability in BIOS where an attacker may cause “Protection Mechanism Failure” by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impact Confidentiality, Integrity, and Availability.

CVE-2024-38797 [MEDIUM] CWE-125 CVE-2024-38797: EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a read out of bounds when EDK2 contains a vulnerability in the HashPeImageByType(). A user may cause a read out of bounds when a corrupted data pointer and length are sent via an adjecent network. A successful exploit of this vulnerability may lead to a loss of Integrity and/or Availability.

CVE-2025-2295 [LOW] CWE-190 CVE-2025-2295: EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by ne EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.

CVE-2024-38796 [MEDIUM] CWE-122 CVE-2024-38796: EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corru EDK2 contains a vulnerability in the PeCoffLoaderRelocateImage(). An Attacker may cause memory corruption due to an overflow via an adjacent network. A successful exploit of this vulnerability may lead to a loss of Confidentiality, Integrity, and/or Availability.

CVE-2024-1298 [MEDIUM] CWE-369 CVE-2024-1298: EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Z EDK2 contains a vulnerability when S3 sleep is activated where an Attacker may cause a Division-By-Zero due to a UNIT32 overflow via local access. A successful exploit of this vulnerability may lead to a loss of Availability.

CVE-2023-49721 [MEDIUM] CWE-276 CVE-2023-49721: An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident An insecure default to allow UEFI Shell in EDK2 was left enabled in LXD. This allows an OS-resident attacker to bypass Secure Boot.

CVE-2023-48733 [MEDIUM] CWE-1188 CVE-2023-48733: An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS An insecure default to allow UEFI Shell in EDK2 was left enabled in Ubuntu's EDK2. This allows an OS-resident attacker to bypass Secure Boot.

CVE-2023-45232 [HIGH] CWE-835 CVE-2023-45232: EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options EDK2's Network Package is susceptible to an infinite loop vulnerability when parsing unknown options in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

CVE-2023-45236 [MEDIUM] CWE-200 CVE-2023-45236: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerabil EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

CVE-2023-45235 [HIGH] CWE-119 CVE-2023-45235: EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server I EDK2's Network Package is susceptible to a buffer overflow vulnerability when handling Server ID option from a DHCPv6 proxy Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.

CVE-2023-45237 [MEDIUM] CWE-338 CVE-2023-45237: EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerabil EDK2's Network Package is susceptible to a predictable TCP Initial Sequence Number. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

CVE-2023-45234 [HIGH] CWE-119 CVE-2023-45234: EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers EDK2's Network Package is susceptible to a buffer overflow vulnerability when processing DNS Servers option from a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.

CVE-2023-45230 [HIGH] CWE-119 CVE-2023-45230: EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option EDK2's Network Package is susceptible to a buffer overflow vulnerability via a long server ID option in DHCPv6 client. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality, Integrity and/or Availability.

CVE-2023-45233 [HIGH] CWE-835 CVE-2023-45233: EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in EDK2's Network Package is susceptible to an infinite lop vulnerability when parsing a PadN option in the Destination Options header of IPv6. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Availability.

CVE-2023-45231 [MEDIUM] CWE-125 CVE-2023-45231: EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing  Neigh EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing Neighbor Discovery Redirect message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.

CVE-2023-45229 [MEDIUM] CWE-125 CVE-2023-45229: EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA EDK2's Network Package is susceptible to an out-of-bounds read vulnerability when processing the IA_NA or IA_TA option in a DHCPv6 Advertise message. This vulnerability can be exploited by an attacker to gain unauthorized access and potentially lead to a loss of Confidentiality.